Mechanized λJS

In an earlier post, we introduced λJS, our operational semantics for JavaScript. Unlike many other operational semantics, λJS is no toy, but strives to correctly model JavaScript's messy details. To validate these claims, we test λJS with randomly generated tests and with portions of the Mozilla JavaScript test suite.

Testing is not enough. Despite our work, other researchers found a missing case in λJS. Today, we're introducing Mechanized λJS, which comes with a machine-checked proof of correctness, using the Coq proof assistant.

More work on mechanizing the actual, implemented semantics of a real language, rather than a toy.

- Read the datatype declarations and function definitions. Doing so is a lot like reading any other functional program.

- To read theorems:
  - Start at the bottom of the dependency chain.
  - Read each theorem statement and try to get a feel, in natural language, for what it says. Draw pictures and instantiate it to particular cases. This is just like reading a normal mathematical theorem statement, and just like reading math, accept that this will be slow.

- To understand the proof, single-step through the proof script.
  - Understand what the proof state is at each step, before running the command.
  - Understand what the proof state is after the command modified it.
  - Think about what mathematical argument justifies the change in the proof state.

- Good Coq proof scripts chain lots of tactics together.
  - If a chain does something surprising, break it into smaller pieces and understand the intermediate states.

None of this is a fast process, but reading mathematics or code is not fast, either, and mechanized proof is a skill that builds on both of those. Also, just like in math or programming, you don't understand things until you run them, play with them, and fight with them.
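As an added illustration of reading a Coq development this way (a toy of our own, not code from the λJS development, and every name in it is ours): a two-constructor expression language, its small-step relation, and a determinism theorem whose proof script is annotated with the proof state to expect at each step.

```coq
(* Added example (not from the λJS development): a toy expression language
   with a small-step relation and a determinism theorem, written to be
   single-stepped in Coq as the post suggests.  All names are ours. *)

Inductive exp : Type :=
  | ENum  : nat -> exp
  | EPlus : exp -> exp -> exp.

(* Small-step reduction: the left operand reduces first, then the right,
   and two numerals fold into one. *)
Inductive step : exp -> exp -> Prop :=
  | S_PlusConst : forall n m,
      step (EPlus (ENum n) (ENum m)) (ENum (n + m))
  | S_Plus1 : forall e1 e1' e2,
      step e1 e1' -> step (EPlus e1 e2) (EPlus e1' e2)
  | S_Plus2 : forall n e2 e2',
      step e2 e2' -> step (EPlus (ENum n) e2) (EPlus (ENum n) e2').

(* Bottom of the dependency chain: a numeral has no successor.
   Read it as "ENum n is stuck".  [inversion H] finds no constructor
   whose conclusion matches [step (ENum n) e], so the goal closes. *)
Lemma num_stuck : forall n e, ~ step (ENum n) e.
Proof. intros n e H. inversion H. Qed.

(* Determinism: if e steps to e1 and to e2, then e1 = e2.
   Instantiate it: EPlus (ENum 1) (ENum 2) can only become ENum 3. *)
Theorem step_deterministic : forall e e1 e2,
  step e e1 -> step e e2 -> e1 = e2.
Proof.
  intros e e1 e2 H1.
  (* State: H1 : step e e1  |-  step e e2 -> e1 = e2.  Put e2 back under
     a forall so the induction hypothesis works for any successor. *)
  generalize dependent e2.
  (* Induction on the derivation H1 yields one case per constructor;
     inverting H2 splits each into three, nine goals in all.  Six are
     impossible (a numeral would have to step) and die by num_stuck;
     one pairs S_PlusConst with itself and closes by reflexivity; the
     two left pair S_Plus1 with S_Plus1 and S_Plus2 with S_Plus2, where
     f_equal reduces the goal to the induction hypothesis IHH1. *)
  induction H1; intros e2 H2; inversion H2; subst;
    try solve [exfalso; eapply num_stuck; eauto];
    try reflexivity;
    f_equal; apply IHH1; assumption.
  (* If this chain surprises you, stop after [subst.] and work through
     the nine goals one by one with bullets, as the post recommends. *)
Qed.
```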